Security Audit
web-design-guidelines
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
web-design-guidelines received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include External content interpreted as instructions (Prompt Injection), Unpinned external guideline source (Supply Chain Risk), Broad file read access combined with untrusted output instructions (Data Exfiltration).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **External content interpreted as instructions (Prompt Injection).** The skill fetches guidelines from an external URL (`https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md`) and explicitly states that 'The fetched content contains all the rules and output format instructions.' This means the host LLM will interpret the content of this external file as instructions, making the skill highly vulnerable to prompt injection if the external source is compromised or malicious. An attacker could inject arbitrary instructions to manipulate the LLM's behavior, override its safety mechanisms, or perform unintended actions. Do not interpret external, untrusted content as instructions for the LLM. If external data is needed, it should be strictly parsed and validated against a predefined schema, and never executed or interpreted as commands/instructions. Consider sandboxing or strict schema validation for external data. | LLM | SKILL.md:20 |
| HIGH | **Unpinned external guideline source (Supply Chain Risk).** The skill fetches its guidelines from `https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md`. This URL points to the `main` branch of a GitHub repository, which is unpinned. The content of this file can change at any time without review. A compromise of the `vercel-labs` repository or a malicious update to the `main` branch would directly introduce malicious instructions into the skill's execution flow, leading to prompt injection, data exfiltration, or other attacks without any change to the skill's local code. Pin external dependencies to a specific commit hash or version tag to ensure deterministic and auditable behavior. Implement content integrity checks (e.g., hash verification) for fetched external resources to detect unauthorized modifications. | LLM | SKILL.md:17 |
| HIGH | **Broad file read access combined with untrusted output instructions (Data Exfiltration).** The skill is designed to 'Read the specified files' from the user's file system, indicated by the `argument-hint` `<file-or-pattern>`. It then states it will 'Output findings using the format specified in the guidelines.' Given that the guidelines are fetched from an untrusted, unpinned external source and interpreted as instructions (as identified in the other findings), an attacker could manipulate the external guidelines to instruct the LLM to read sensitive files and then exfiltrate their content by crafting a malicious 'output format instruction' that includes the file contents. Restrict file access to specific, predefined directories or file types, and implement strict validation and sanitization of file paths. Never allow external, untrusted content to dictate how local files are read or how their content is formatted for output. Ensure that any output of file content is strictly controlled and limited to non-sensitive information or heavily redacted. | LLM | SKILL.md:8 |